Just wondering if anyone else has had problems emerging net-firewall/iptables on a RaQ2+ / Qube? I tried tonight on my near-freshly installed RaQ2+ (more or less Kumba's stage 3 + a bunch of tiny tweaks running kernel 2.6.7 and a couple of other basic utilities)

Incase this helps anyone, I ended up merging the 2.4.x mips-sources package, changing the /usr/src/linux symlink to point to that one and compiled iptables-1.2.11 (edited the ebuild to unmask it). It compiled and installed with no problems.

Once I was done, I pointed the symlink back to the 2.6.7 kernel and unmerged the 2.4 mips-sources.

This "oddity" is because of the way Gentoo does kernel headers. One reason you are advised in other distros to never change the /usr/src/linux symlink is because these point to the running system headers, and in some circles, it is believed these headers should match the version of kernel in your system.

In non-gentoo systems, /usr/include/linux and /usr/include/asm are normally symlinks to /usr/src/linux/include/linux and /usr/src/linux/include/asm (w/ /usr/src/linux/include/asm being a symlink to /usr/src/linux/include/asm-<ARCH>). For gentoo, though, the linux-headers (or for mips systems, mips-headers) package installs headers directly into /usr/include/linux and /usr/include/asm. By making these two directories not rely on symlinks to /usr/src/linux, you remove the need to maintain a /usr/src/linux symlink around. But, some ebuilds are a little weird, and still use it anyways. An issue I'll be opening a bug on shortly, since not only have I run into this issue several times on multiple systems/archs, but now user reports are having it too (atleast for mips, I'm quite sure it's been reported for other archs at random).

Anyways, just FYI, for cobalt and sgi machines, right now, all users should be using mips-headers-2.4.x (whatever is stable). There are mips-headers-2.6.x, but they're for testing only. Stay very far away from them. it's safe to run mips-sources-2.6.x w/ 2.4 system headers. The only time you really need 2.6 headers is if you run NPTL, which is an impossibility on mips right now..

Now that I have iptables up and running, I noticed that the system seems to perform just fine (downloading at 300+kbyte/sec over my cable link) when you've only got one interface up. However the moment I bring up the second interface pings on the second interface (eth1 - cable modem) jump to 3-6 SECONDS and pings on the first interface (eth0) jump to 3ms (100M-FDX). I thought this was my cable provider's problem but as soon as I swapped back to my old router (p-133 running Slackware w/ Linux 2.6.6) pings are .01ms on the internal and 10ms on the external interfaces.

I don't know if this is the pci chipset acting up or network driver issues -- has anyone else seen similar issues, if so are there any workarounds anyone's found?

Again, I'm more than happy to provide more info, and if anyone wants to poke around the box to see if they can extract any info, just shoot me an email (mernisse at ub3rgeek dot net and I'll see if I can hook you up).

Now that I have iptables up and running, I noticed that the system seems to perform just fine (downloading at 300+kbyte/sec over my cable link) when you've only got one interface up. However the moment I bring up the second interface pings on the second interface (eth1 - cable modem) jump to 3-6 SECONDS and pings on the first interface (eth0) jump to 3ms (100M-FDX). I thought this was my cable provider's problem but as soon as I swapped back to my old router (p-133 running Slackware w/ Linux 2.6.6) pings are .01ms on the internal and 10ms on the external interfaces.

I don't know if this is the pci chipset acting up or network driver issues -- has anyone else seen similar issues, if so are there any workarounds anyone's found?

Again, I'm more than happy to provide more info, and if anyone wants to poke around the box to see if they can extract any info, just shoot me an email (mernisse at ub3rgeek dot net and I'll see if I can hook you up).

Thanks in advance

My Qube 2 is almost up and running, I'm installing iptables and some other stuff atm. I'll let you know how it performs later today.

The box has been up and routing between the two interfaces for about two hours now and I don't notice any slowdowns...
I could post my kernel config and iptables script if you want...don't know if that would help you

The box has been up and routing between the two interfaces for about two hours now and I don't notice any slowdowns...
I could post my kernel config and iptables script if you want...don't know if that would help you

Are you running 2.6? If so I'd be more than grateful to see your kernel config, maybe I missed something in there.

If you don't want to post the .config to the board you can shoot me an email at mernisse at gmail dot com

I did have Linux 2.6.6 on mine... but it gave me grief with SCSI... It appears I don't seem to have the source tree laying anywhere otherwise I'd upload my config._________________Stuart Longland (a.k.a Redhatter, VK4MSL)
I haven't lost my mind - it's backed up on a tape somewhere...

Before I went to sleep yesterday i started emerging samba.
Now my box seems completely dead, it doesn't respond to pings, sshd doesn't respond. BUT it still routes packets...
I'll post my .config as soon as i bring the box back to life.

I diffed Kumbas and mine, and then don_thomaso's and mine and there's not a noticable difference, mostly in the netfilter and ipsec options (since this is going to be a nat/ipsec gateway router...hopefully)

Anyway, if anyone else notices any big oops, let me know...

BTW: with just the one interface up I downloaded a 25M test file from my ISP's speedtest server and got:
26214400 bytes received in 73.4 secs (3.5e+02 Kbytes/sec)

mernisse: Interesting problem you describe with the two interfaces up. Not much I can do to test this -- my RaQ2 only has one interface, and the family here prefers a linksys router over a linux box for that stuff (long story). Have you tried 2.6.7 by chance? You might also fire an email to Peter Horton, who did the bulk of the bug fixes to get 2.6.x to run on Cobalt, and see if he might have any ideas. If you discover anything, let me know.

mernisse: Interesting problem you describe with the two interfaces up. Not much I can do to test this -- my RaQ2 only has one interface, and the family here prefers a linksys router over a linux box for that stuff (long story). Have you tried 2.6.7 by chance? You might also fire an email to Peter Horton, who did the bulk of the bug fixes to get 2.6.x to run on Cobalt, and see if he might have any ideas. If you discover anything, let me know.

--Kumba

Actually, I am running 2.6.7. The really odd thing is that there's no errors in any log files, the interface counters show a few errors but nothing major.

I'll shoot peter an email this weekend and see what he thinks, meanwhile if anyone can duplicate this, I'd be intrested -- at least that way I know it isn't my hardware :)

If you can, try the other 2.6.x versions too. mips-sources has 2.6.4 still available, as that's the last known kernel I've gotten an Indigo2 to boot with. I'd like to see if this issue is w/ all 2.6.x kernels on your machine.

Help
Im stuck on this one. This is a clean install of gentoo on my Cobalt Raq2. I have the base OS down, just need to get the kernel and a boot loader (colo) on and I should be done. This (see error below) happens when ever I try to compile a 2.4.24, 2.4.25 and 2.4.26 kernel on my Cobalt RaQ 2 server. Any ideas on a fix?? I have spent a few days tring to fix this issue and im stuck. If any one has a working kernel config file that would be of great help. I have tried kumba's kernel config file's but both fail with the same issue.
-DingbatCA

Are you using mips-sources? (Or using sources downloaded from linux-mips.org)?

The kernel.org kernels are usually lacking quite heavily with reguards to the MIPS architecture, so nasty compile errors like this one are not uncommon if you're using "vanilla" sources.

If it helps, I can put up the sources & config I'm using... as I've had no big issues._________________Stuart Longland (a.k.a Redhatter, VK4MSL)
I haven't lost my mind - it's backed up on a tape somewhere...

-Redhatter
All sources have been gentoo sources, "#emerge mips-sources(ver)".
If you would be so kind as to post your config and what kernel version you are running, that would be great.
Thx
-DingbatCA

Eh, this is a small problem. The errors regarding "accum" imply you have gcc-3.4.x on your system. You can build a kernel with it, but it will not boot. I'll have to talk w/ the mips team about how to handle the gcc-3.4.x thing.

For now, you probably still have gcc-3.3.x on, just you need to switch to it. Use something like this:

Code:

# gcc-config mipsel-unknown-linux-gnu-3.3.3

That will switch you back to a 3.3.3 compiler. Use that to build a kernel (and colo), then switch back to 3.4.x if needed.

Wipe your tree, and restart. Make sure in "Machine Selection" you select Cobalt Microserver AND unset SGI IP22 (Indy/Indigo2). What's happening is it looks like your trying to compile a kernel that is attempting to build in code for both IP22 AND Cobalt.

If you can, try the other 2.6.x versions too. mips-sources has 2.6.4 still available, as that's the last known kernel I've gotten an Indigo2 to boot with. I'd like to see if this issue is w/ all 2.6.x kernels on your machine.

--Kumba

I had a chance to test the latest 2.4 kernel out of mips-sources and that seems to work OK, granted I'm not using the box as a router at the moment, so if it's the iptables stuff I wouldn't have used it yet...

I will try and get to the 2.6.4 tonight after work, I've been stuck on dialup for the last week so I havn't really had a chance to play with the box much...

((edit))
2.4.26 worked fine while downloading through it as a router at 340kbyte/sec showing 15-20% system load the whole time.

Of course, I spoke too soon....
everything was working peachy under 2.6.4 and then about 10 minutes after bringing up my ipv6 tunnel (I was reconfiguring another server at that point, supid new /64 assignments...) the router decided to crap itself. I couldn't get an ssh connection in, so I had to use the serial console..
load showed down around 5-7%, and it wasn't having the ping problems like it was before (pings were averaging around 10-30ms to my isp's webserver) but for some reason websites were loading at about the speed of dialup.

iptraf wasn't showing much traffic, only about 110kbit/sec or so...but it was so slow... I swapped back to my production router and everything was fine again...

I guess I'll give 2.4.26 another try, see if I can get it to break or not....